How to Stop / shutdown iSQL*Plus
This short article shows how you can disable / shutdown / stop iSQL*Plus in Oracle. This web based version of SQL*Plus has been available since version 8iR3 (8.1.7) and is a useful tool but there are a few known security issues with its use in a production environment. Because it uses internet techniques to access the database you should be carful with its use. The SANS step-by-step guide has some details on securing iSQL*plus. These are also covered in the SANS S.C.O.R.E document and the CISecurity Oracle benchmark - both are based on the SANS step-by-step and can be found here
For instance just in Feb 2004 a new CSS exploit has been made public on the Oracle security alerts website using this tool as the example.
Here is how to disable iSQL*Plus:
on Windows you will find the file %ORACLE_HOME%\Apache\Apache\conf\oracle_apache.conf and then comment out the following line:
# #include "C:\oracle\ora90\sqlplus\admin\isqlplus.conf" #
Save the file and then restart Apache and iSQL*Plus will no longer work. This can be done from =>
Start -> Settings -> Control Panel -> Administrative Tools -> Services and then locate the Oracle HTTP server - for instance on my Oracle 9iR2 Personal Oracle its called "OracleOraHome90HTTPServer"
On Unix the file name is the same and in the same location but use $ORACLE_HOME instead of %ORACLE_HOME%. Also to restart apache on Unix use the apachectl script with start and stop commands.
Finally you can test if iSQL*Plus is indeed disabled by going to http://
Back
